Vulnerability-Lookup

CVE-2019-7638 (GCVE-0-2019-7638)

Vulnerability from cvelistv5 – Published: 2019-02-08 00:00 – Updated: 2024-08-04 20:54

Summary

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

17 references

URL	Tags
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://discourse.libsdl.org/t/vulnerabilities-fo…
https://bugzilla.libsdl.org/show_bug.cgi?id=4500
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
https://security.gentoo.org/glsa/201909-07	vendor-advisory
https://usn.ubuntu.com/4143-1/	vendor-advisory
https://usn.ubuntu.com/4156-1/	vendor-advisory
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://lists.debian.org/debian-lts-announce/2019…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2021…	mailing-list
https://lists.debian.org/debian-lts-announce/2021…	mailing-list
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202305-17	vendor-advisory

Date Public

2019-02-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:54:28.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500"
          },
          {
            "name": "openSUSE-SU-2019:1213",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
          },
          {
            "name": "openSUSE-SU-2019:1223",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1261",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
          },
          {
            "name": "GLSA-201909-07",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201909-07"
          },
          {
            "name": "USN-4143-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4143-1/"
          },
          {
            "name": "USN-4156-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4156-1/"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
          },
          {
            "name": "FEDORA-2020-24652fe41c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
          },
          {
            "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
          },
          {
            "name": "GLSA-202305-17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
        },
        {
          "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
        },
        {
          "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
        },
        {
          "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500"
        },
        {
          "name": "openSUSE-SU-2019:1213",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
        },
        {
          "name": "openSUSE-SU-2019:1223",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
        },
        {
          "name": "openSUSE-SU-2019:1261",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
        },
        {
          "name": "GLSA-201909-07",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201909-07"
        },
        {
          "name": "USN-4143-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4143-1/"
        },
        {
          "name": "USN-4156-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4156-1/"
        },
        {
          "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
        },
        {
          "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
        },
        {
          "name": "FEDORA-2020-24652fe41c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
        },
        {
          "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
        },
        {
          "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
        },
        {
          "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
        },
        {
          "name": "GLSA-202305-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-17"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7638",
    "datePublished": "2019-02-08T00:00:00.000Z",
    "dateReserved": "2019-02-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:54:28.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-7638",
      "date": "2026-05-29",
      "epss": "0.03683",
      "percentile": "0.88122"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-7638\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-08T11:29:00.453\",\"lastModified\":\"2024-11-21T04:48:26.700\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.\"},{\"lang\":\"es\",\"value\":\"SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en Map1toN en video/SDL_pixels.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.2.15\",\"matchCriteriaId\":\"1987484C-BB76-4554-B040-1A8D2C90F0AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndIncluding\":\"2.0.9\",\"matchCriteriaId\":\"85C1FFE9-9495-4484-9D25-590ECE49482B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4500\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4143-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.libsdl.org/show_bug.cgi?id=4500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201909-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4143-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4156-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

BDU:2020-04720

Vulnerability from fstec - Published: 14.03.2019

Title

Уязвимость функции Map1toN библиотеки Simple DirectMedia Layer, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Description

Уязвимость функции Map1toN (video/SDL_pixels.c.) библиотеки Simple DirectMedia Layer связана с переполнением буфера на основе кучи. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vendor

Canonical Ltd., ООО «РусБИТех-Астра», Novell Inc., Сообщество свободного программного обеспечения, Fedora Project, АО "НППКТ", АО «Концерн ВНИИНС»

Software Name

Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, Suse Linux Enterprise Server, SDL, Astra Linux Common Edition (запись в едином реестре российских программ №4433), SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Fedora, SUSE Linux Enterprise High Performance Computing, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

16.04 LTS (Ubuntu), 1.5 «Смоленск» (Astra Linux Special Edition), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), до 1.2.15 включительно (SDL), от 2.0.0 до 2.0.9 включительно (SDL), 2.12 «Орёл» (Astra Linux Common Edition), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 11 SP3 (SUSE Linux Enterprise Point of Sale), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 31 (Fedora), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.1 (ОСОН ОСнова Оnyx), до 2.5 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Использование рекомендаций: Для Simple DirectMedia Layer: Обновление библиотеки Simple DirectMedia Layer до актуальной версии Для Astralinux: Использование рекомендаций в Бюллетене № 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 Или использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16 https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 Для Ubuntu: https://usn.ubuntu.com/4143-1/ https://usn.ubuntu.com/4156-1/ Для Debian GNU/Linux: https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ Для ОСОН Основа: Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1 Для ОСОН Основа: Обновление программного обеспечения libsdl2 до версии 2.0.14+dfsg2-3 Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17 Для Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: - обновить пакет libsdl2 до 2.0.5+dfsg1-2+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 - обновить пакет libsdl1.2 до 1.2.15+dfsg1-4+deb9u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения libsdl2 до версии 2.0.5+dfsg1-2+deb9u2 Обновление программного обеспечения libsdl1.2 до версии 1.2.15+dfsg2-6.osnova1

Reference

https://bugzilla.libsdl.org/show_bug.cgi?id=4500 https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720 https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/ https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html https://nvd.nist.gov/vuln/detail/CVE-2019-7638 https://security-tracker.debian.org/tracker/CVE-2019-7638 https://usn.ubuntu.com/4143-1/ https://usn.ubuntu.com/4156-1/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16 https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483 https://www.suse.com/security/cve/CVE-2019-7638/ https://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/ https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 42.3 (OpenSUSE Leap), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), \u0434\u043e 1.2.15 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), \u043e\u0442 2.0.0 \u0434\u043e 2.0.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SDL), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Desktop Applications), 15 SP1 (SUSE Linux Enterprise Module for Desktop Applications), 11 SP3 (SUSE Linux Enterprise Point of Sale), 11 SP4 (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 31 (Fedora), 12 SP5 (SUSE Linux Enterprise High Performance Computing), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Simple DirectMedia Layer:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astralinux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u0432 \u0411\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u2116 20190329SE15: https://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\n\u0418\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4143-1/ \nhttps://usn.ubuntu.com/4156-1/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.14+dfsg2-3\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl2 \u0434\u043e 2.0.5+dfsg1-2+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libsdl1.2 \u0434\u043e 1.2.15+dfsg1-4+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.0.5+dfsg1-2+deb9u2\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libsdl1.2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.2.15+dfsg2-6.osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.03.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.10.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04720",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-7638",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, Suse Linux Enterprise Server, SDL, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), SUSE Linux Enterprise Module for Desktop Applications, SUSE Linux Enterprise Point of Sale, Debian GNU/Linux, Fedora, SUSE Linux Enterprise High Performance Computing, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb 64-bit (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , Novell Inc. OpenSUSE Leap 42.3 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. Suse Linux Enterprise Server 11 SP4 , Canonical Ltd. Ubuntu 12.04 ESM , Canonical Ltd. Ubuntu 19.04 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.0 32-bit, Novell Inc. OpenSUSE Leap 15.0 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP4 , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , Novell Inc. Suse Linux Enterprise Server 12 SP5 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Fedora Project Fedora 31 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Map1toN \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 Map1toN (video/SDL_pixels.c.) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Simple DirectMedia Layer \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043a\u0443\u0447\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500\nhttps://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00015.html\nhttps://lists.debian.org/debian-lts-announce/2019/03/msg00016.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00020.html\nhttps://lists.debian.org/debian-lts-announce/2019/10/msg00021.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html\nhttps://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7638\nhttps://security-tracker.debian.org/tracker/CVE-2019-7638\nhttps://usn.ubuntu.com/4143-1/\nhttps://usn.ubuntu.com/4156-1/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=1212483\nhttps://www.suse.com/security/cve/CVE-2019-7638/\nhttps://www.suse.com/support/update/announcement/2019/suse-su-201913998-1/\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1110SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-1121SE47\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

CERTFR-2022-AVI-267

Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23

De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos Space	Juniper Networks Junos Space versions antérieures à 21.1R1

References

Title

Publication Time

CNVD-2019-29173

Vulnerability from cnvd - Published: 2019-08-28

Title

SDL (Simple DirectMedia Layer)缓冲区溢出漏洞

Description

Simple DirectMedia Layer（SDL）是一个用于用于访问低级硬件和图形，并为游戏、软件和仿真器提供支持的多平台库。 SDL 1.2.15及之前版本和2.x版本至2.0.9版本中的video/SDL_surface.c文件的‘SDL_FillRect’函数存在基于堆的缓冲区溢出漏洞。攻击者可利用该漏洞在系统上执行任意代码。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.libsdl.org/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-7638

Impacted products

Name
['SDL SDL (Simple DirectMedia Layer) <=1.2.15', 'SDL SDL (Simple DirectMedia Layer) 2.x (<=2.0.9)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7638"
    }
  },
  "description": "Simple DirectMedia Layer\uff08SDL\uff09\u662f\u4e00\u4e2a\u7528\u4e8e\u7528\u4e8e\u8bbf\u95ee\u4f4e\u7ea7\u786c\u4ef6\u548c\u56fe\u5f62\uff0c\u5e76\u4e3a\u6e38\u620f\u3001\u8f6f\u4ef6\u548c\u4eff\u771f\u5668\u63d0\u4f9b\u652f\u6301\u7684\u591a\u5e73\u53f0\u5e93\u3002\n\nSDL 1.2.15\u53ca\u4e4b\u524d\u7248\u672c\u548c2.x\u7248\u672c\u81f32.0.9\u7248\u672c\u4e2d\u7684video/SDL_surface.c\u6587\u4ef6\u7684\u2018SDL_FillRect\u2019\u51fd\u6570\u5b58\u5728\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "opensuse-security",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.libsdl.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29173",
  "openTime": "2019-08-28",
  "products": {
    "product": [
      "SDL SDL (Simple DirectMedia Layer) \u003c=1.2.15",
      "SDL SDL (Simple DirectMedia Layer) 2.x (\u003c=2.0.9)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-7638",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-11",
  "title": "SDL (Simple DirectMedia Layer)\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2019-7638

Vulnerability from fkie_nvd - Published: 2019-02-08 11:29 - Updated: 2024-11-21 04:48

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html	Mailing List, Third Party Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html	Mailing List, Third Party Advisory
cve@mitre.org	https://bugzilla.libsdl.org/show_bug.cgi?id=4500	Exploit, Issue Tracking, Vendor Advisory
cve@mitre.org	https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720	Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
cve@mitre.org	https://security.gentoo.org/glsa/201909-07	Third Party Advisory
cve@mitre.org	https://security.gentoo.org/glsa/202305-17
cve@mitre.org	https://usn.ubuntu.com/4143-1/	Third Party Advisory
cve@mitre.org	https://usn.ubuntu.com/4156-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.libsdl.org/show_bug.cgi?id=4500	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201909-07	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202305-17
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4143-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4156-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
libsdl	simple_directmedia_layer	*
libsdl	simple_directmedia_layer	*
debian	debian_linux	8.0
debian	debian_linux	9.0
opensuse	leap	15.0
opensuse	leap	42.3
fedoraproject	fedora	31
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1987484C-BB76-4554-B040-1A8D2C90F0AA",
              "versionEndIncluding": "1.2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C1FFE9-9495-4484-9D25-590ECE49482B",
              "versionEndIncluding": "2.0.9",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c."
    },
    {
      "lang": "es",
      "value": "SDL (Simple DirectMedia Layer), hasta la versi\u00f3n 1.2.15 y en versiones 2.x hasta la 2.0.9, tiene una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) en Map1toN en video/SDL_pixels.c."
    }
  ],
  "id": "CVE-2019-7638",
  "lastModified": "2024-11-21T04:48:26.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-08T11:29:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4143-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4143-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4156-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GQ9F-WP2W-Q86X

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04

Details

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-7638"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-02-08T11:29:00Z",
    "severity": "HIGH"
  },
  "details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
  "id": "GHSA-gq9f-wp2w-q86x",
  "modified": "2022-05-13T01:04:45Z",
  "published": "2022-05-13T01:04:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7638"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500"
    },
    {
      "type": "WEB",
      "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201909-07"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202305-17"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4143-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4156-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-7638

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

Aliases

CVE-2019-7638

Aliases

CVE-2019-7638

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-7638",
    "description": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
    "id": "GSD-2019-7638",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-7638.html",
      "https://access.redhat.com/errata/RHSA-2020:4627",
      "https://access.redhat.com/errata/RHSA-2020:3868",
      "https://ubuntu.com/security/CVE-2019-7638",
      "https://advisories.mageia.org/CVE-2019-7638.html",
      "https://security.archlinux.org/CVE-2019-7638",
      "https://linux.oracle.com/cve/CVE-2019-7638.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-7638"
      ],
      "details": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
      "id": "GSD-2019-7638",
      "modified": "2023-12-13T01:23:46.566617Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-7638",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
          },
          {
            "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
          },
          {
            "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
            "refsource": "MISC",
            "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
          },
          {
            "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500",
            "refsource": "MISC",
            "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500"
          },
          {
            "name": "openSUSE-SU-2019:1213",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
          },
          {
            "name": "openSUSE-SU-2019:1223",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
          },
          {
            "name": "openSUSE-SU-2019:1261",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
          },
          {
            "name": "GLSA-201909-07",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201909-07"
          },
          {
            "name": "USN-4143-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4143-1/"
          },
          {
            "name": "USN-4156-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4156-1/"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
          },
          {
            "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
          },
          {
            "name": "FEDORA-2020-24652fe41c",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
          },
          {
            "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
          },
          {
            "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
          },
          {
            "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
          },
          {
            "name": "GLSA-202305-17",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202305-17"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.9",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:libsdl:simple_directmedia_layer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.2.15",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-7638"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15/25720"
            },
            {
              "name": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.libsdl.org/show_bug.cgi?id=4500"
            },
            {
              "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1714-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00016.html"
            },
            {
              "name": "[debian-lts-announce] 20190313 [SECURITY] [DLA 1713-1] libsdl1.2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00015.html"
            },
            {
              "name": "openSUSE-SU-2019:1213",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00063.html"
            },
            {
              "name": "openSUSE-SU-2019:1223",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00073.html"
            },
            {
              "name": "openSUSE-SU-2019:1261",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00088.html"
            },
            {
              "name": "GLSA-201909-07",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201909-07"
            },
            {
              "name": "USN-4143-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4143-1/"
            },
            {
              "name": "USN-4156-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4156-1/"
            },
            {
              "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1714-2] libsdl2 regression update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00021.html"
            },
            {
              "name": "FEDORA-2020-24652fe41c",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZO47LLKKRXKMUGSRCFNHSTHG5OEBYCG/"
            },
            {
              "name": "[debian-lts-announce] 20210130 [SECURITY] [DLA 2536-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00024.html"
            },
            {
              "name": "[debian-lts-announce] 20211031 [SECURITY] [DLA 2804-1] libsdl1.2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00032.html"
            },
            {
              "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3314-1] libsdl2 security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00008.html"
            },
            {
              "name": "GLSA-202305-17",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202305-17"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-05-03T12:15Z",
      "publishedDate": "2019-02-08T11:29Z"
    }
  }
}

OPENSUSE-SU-2019:1223-1

Vulnerability from csaf_opensuse - Published: 2019-04-17 13:29 - Updated: 2019-04-17 13:29

Summary

Security update for SDL

Severity

Moderate

Notes

Title of the patch: Security update for SDL

Description of the patch: This update for SDL fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-1223

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7576

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

49 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1124799	self
https://bugzilla.suse.com/1124800	self
https://bugzilla.suse.com/1124802	self
https://bugzilla.suse.com/1124803	self
https://bugzilla.suse.com/1124805	self
https://bugzilla.suse.com/1124806	self
https://bugzilla.suse.com/1124824	self
https://bugzilla.suse.com/1124825	self
https://bugzilla.suse.com/1124826	self
https://bugzilla.suse.com/1124827	self
https://bugzilla.suse.com/1125099	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7576/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7576	external
https://bugzilla.suse.com/1124799	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SDL",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SDL fixes the following issues:\n\nSecurity issues fixed:\t  \n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1223",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1223-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1223-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1223-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW/#PVVNKCWJ5RBDOAJTNQX6VN77H27KTKSW"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124799",
        "url": "https://bugzilla.suse.com/1124799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124800",
        "url": "https://bugzilla.suse.com/1124800"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124802",
        "url": "https://bugzilla.suse.com/1124802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124803",
        "url": "https://bugzilla.suse.com/1124803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124805",
        "url": "https://bugzilla.suse.com/1124805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124806",
        "url": "https://bugzilla.suse.com/1124806"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124824",
        "url": "https://bugzilla.suse.com/1124824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124825",
        "url": "https://bugzilla.suse.com/1124825"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124826",
        "url": "https://bugzilla.suse.com/1124826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124827",
        "url": "https://bugzilla.suse.com/1124827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1125099",
        "url": "https://bugzilla.suse.com/1125099"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7576 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "Security update for SDL",
    "tracking": {
      "current_release_date": "2019-04-17T13:29:07Z",
      "generator": {
        "date": "2019-04-17T13:29:07Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1223-1",
      "initial_release_date": "2019-04-17T13:29:07Z",
      "revision_history": [
        {
          "date": "2019-04-17T13:29:07Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
                  "product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
                  "product_id": "libSDL-devel-1.2.15-lp150.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
                  "product_id": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7576",
          "url": "https://www.suse.com/security/cve/CVE-2019-7576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124799 for CVE-2019-7576",
          "url": "https://bugzilla.suse.com/1124799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7576"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-1_2-0-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-1_2-0-32bit-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL-devel-1.2.15-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL-devel-32bit-1.2.15-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-17T13:29:07Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2019:1261-1

Vulnerability from csaf_opensuse - Published: 2019-04-23 15:07 - Updated: 2019-04-23 15:07

Summary

Security update for SDL2

Severity

Moderate

Notes

Title of the patch: Security update for SDL2

Description of the patch: This update for SDL2 fixes the following issues: Security issues fixed: - CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806). - CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099). - CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799). - CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805). - CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827). - CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826). - CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824). - CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803). - CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825). - CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800). This update was imported from the SUSE:SLE-15:Update update project.

Patchnames: openSUSE-2019-1261

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7576

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 6 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

49 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1124799	self
https://bugzilla.suse.com/1124800	self
https://bugzilla.suse.com/1124802	self
https://bugzilla.suse.com/1124803	self
https://bugzilla.suse.com/1124805	self
https://bugzilla.suse.com/1124806	self
https://bugzilla.suse.com/1124824	self
https://bugzilla.suse.com/1124825	self
https://bugzilla.suse.com/1124826	self
https://bugzilla.suse.com/1124827	self
https://bugzilla.suse.com/1125099	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7576/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7576	external
https://bugzilla.suse.com/1124799	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for SDL2",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for SDL2 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7572: Fixed a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.(bsc#1124806).\n- CVE-2019-7578: Fixed a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (bsc#1125099).\n- CVE-2019-7576: Fixed heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124799).\n- CVE-2019-7573: Fixed a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (bsc#1124805).\n- CVE-2019-7635: Fixed a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. (bsc#1124827).\n- CVE-2019-7636: Fixed a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (bsc#1124826).\n- CVE-2019-7638: Fixed a heap-based buffer over-read in Map1toN in video/SDL_pixels.c (bsc#1124824).\n- CVE-2019-7574: Fixed a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (bsc#1124803).\n- CVE-2019-7575: Fixed a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (bsc#1124802).\n- CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect function in SDL_surface.c (bsc#1124825).\n- CVE-2019-7577: Fixed a buffer over read in SDL_LoadWAV_RW in audio/SDL_wave.c (bsc#1124800).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1261",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1261-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1261-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1261-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U/#MSOTDS52YKZL25TU3JHV22PWUVFQ6U5U"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124799",
        "url": "https://bugzilla.suse.com/1124799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124800",
        "url": "https://bugzilla.suse.com/1124800"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124802",
        "url": "https://bugzilla.suse.com/1124802"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124803",
        "url": "https://bugzilla.suse.com/1124803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124805",
        "url": "https://bugzilla.suse.com/1124805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124806",
        "url": "https://bugzilla.suse.com/1124806"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124824",
        "url": "https://bugzilla.suse.com/1124824"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124825",
        "url": "https://bugzilla.suse.com/1124825"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124826",
        "url": "https://bugzilla.suse.com/1124826"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124827",
        "url": "https://bugzilla.suse.com/1124827"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1125099",
        "url": "https://bugzilla.suse.com/1125099"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7576 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "Security update for SDL2",
    "tracking": {
      "current_release_date": "2019-04-23T15:07:46Z",
      "generator": {
        "date": "2019-04-23T15:07:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1261-1",
      "initial_release_date": "2019-04-23T15:07:46Z",
      "revision_history": [
        {
          "date": "2019-04-23T15:07:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
                  "product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
                "product": {
                  "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
                  "product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
                "product": {
                  "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
                  "product_id": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.8-lp150.2.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586"
        },
        "product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        },
        "product_reference": "libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7576",
          "url": "https://www.suse.com/security/cve/CVE-2019-7576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124799 for CVE-2019-7576",
          "url": "https://bugzilla.suse.com/1124799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7576"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
          "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
          "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-2_0-0-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-2_0-0-32bit-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.i586",
            "openSUSE Leap 15.0:libSDL2-devel-2.0.8-lp150.2.3.1.x86_64",
            "openSUSE Leap 15.0:libSDL2-devel-32bit-2.0.8-lp150.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-04-23T15:07:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2024:10606-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libSDL-1_2-0-1.2.15-22.13 on GA media

Severity

Moderate

Notes

Title of the patch: libSDL-1_2-0-1.2.15-22.13 on GA media

Description of the patch: These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10606

CVE-2019-13616

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7572

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7573

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7574

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7575

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7577

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7578

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7636

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7637

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64	—	Vendor Fix

Threats

Impact moderate

References

36 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2019-13616/	self
https://www.suse.com/security/cve/CVE-2019-7572/	self
https://www.suse.com/security/cve/CVE-2019-7573/	self
https://www.suse.com/security/cve/CVE-2019-7574/	self
https://www.suse.com/security/cve/CVE-2019-7575/	self
https://www.suse.com/security/cve/CVE-2019-7577/	self
https://www.suse.com/security/cve/CVE-2019-7578/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7636/	self
https://www.suse.com/security/cve/CVE-2019-7637/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2019-13616	external
https://bugzilla.suse.com/1141844	external
https://www.suse.com/security/cve/CVE-2019-7572	external
https://bugzilla.suse.com/1124806	external
https://www.suse.com/security/cve/CVE-2019-7573	external
https://bugzilla.suse.com/1124805	external
https://www.suse.com/security/cve/CVE-2019-7574	external
https://bugzilla.suse.com/1124803	external
https://www.suse.com/security/cve/CVE-2019-7575	external
https://bugzilla.suse.com/1124802	external
https://www.suse.com/security/cve/CVE-2019-7577	external
https://bugzilla.suse.com/1124800	external
https://www.suse.com/security/cve/CVE-2019-7578	external
https://bugzilla.suse.com/1125099	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7636	external
https://bugzilla.suse.com/1124826	external
https://www.suse.com/security/cve/CVE-2019-7637	external
https://bugzilla.suse.com/1124825	external
https://bugzilla.suse.com/1134135	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libSDL-1_2-0-1.2.15-22.13 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libSDL-1_2-0-1.2.15-22.13 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10606",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10606-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13616 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13616/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7572 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7572/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7573 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7574 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7574/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7575 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7575/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7577 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7577/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7578 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7578/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7636 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7637 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7637/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "libSDL-1_2-0-1.2.15-22.13 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10606-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-devel-1.2.15-22.13.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-devel-1.2.15-22.13.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.s390x",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.s390x",
                  "product_id": "libSDL-devel-1.2.15-22.13.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.s390x",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-1_2-0-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-devel-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-devel-1.2.15-22.13.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
                "product": {
                  "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
                  "product_id": "libSDL-devel-32bit-1.2.15-22.13.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-1_2-0-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-devel-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL-devel-32bit-1.2.15-22.13.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        },
        "product_reference": "libSDL-devel-32bit-1.2.15-22.13.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13616",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13616"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13616",
          "url": "https://www.suse.com/security/cve/CVE-2019-13616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141844 for CVE-2019-13616",
          "url": "https://bugzilla.suse.com/1141844"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13616"
    },
    {
      "cve": "CVE-2019-7572",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7572"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7572",
          "url": "https://www.suse.com/security/cve/CVE-2019-7572"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124806 for CVE-2019-7572",
          "url": "https://bugzilla.suse.com/1124806"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7572"
    },
    {
      "cve": "CVE-2019-7573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7573",
          "url": "https://www.suse.com/security/cve/CVE-2019-7573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124805 for CVE-2019-7573",
          "url": "https://bugzilla.suse.com/1124805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7573"
    },
    {
      "cve": "CVE-2019-7574",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7574"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7574",
          "url": "https://www.suse.com/security/cve/CVE-2019-7574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124803 for CVE-2019-7574",
          "url": "https://bugzilla.suse.com/1124803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7574"
    },
    {
      "cve": "CVE-2019-7575",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7575"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7575",
          "url": "https://www.suse.com/security/cve/CVE-2019-7575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124802 for CVE-2019-7575",
          "url": "https://bugzilla.suse.com/1124802"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7575"
    },
    {
      "cve": "CVE-2019-7577",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7577"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7577",
          "url": "https://www.suse.com/security/cve/CVE-2019-7577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124800 for CVE-2019-7577",
          "url": "https://bugzilla.suse.com/1124800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7577"
    },
    {
      "cve": "CVE-2019-7578",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7578"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7578",
          "url": "https://www.suse.com/security/cve/CVE-2019-7578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125099 for CVE-2019-7578",
          "url": "https://bugzilla.suse.com/1125099"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7578"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7636",
          "url": "https://www.suse.com/security/cve/CVE-2019-7636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124826 for CVE-2019-7636",
          "url": "https://bugzilla.suse.com/1124826"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7636"
    },
    {
      "cve": "CVE-2019-7637",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7637"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7637",
          "url": "https://www.suse.com/security/cve/CVE-2019-7637"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124825 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1124825"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1134135 for CVE-2019-7637",
          "url": "https://bugzilla.suse.com/1134135"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7637"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
          "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-1_2-0-32bit-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-1.2.15-22.13.x86_64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.aarch64",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.ppc64le",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.s390x",
            "openSUSE Tumbleweed:libSDL-devel-32bit-1.2.15-22.13.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

OPENSUSE-SU-2024:10607-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libSDL2-2_0-0-2.0.16-2.3 on GA media

Severity

Moderate

Notes

Title of the patch: libSDL2-2_0-0-2.0.16-2.3 on GA media

Description of the patch: These are all security issues fixed in the libSDL2-2_0-0-2.0.16-2.3 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10607

CVE-2017-2888

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-13616

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-13626

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7635

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7638

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64	—	Vendor Fix

Threats

Impact moderate

References

18 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2017-2888/	self
https://www.suse.com/security/cve/CVE-2019-13616/	self
https://www.suse.com/security/cve/CVE-2019-13626/	self
https://www.suse.com/security/cve/CVE-2019-7635/	self
https://www.suse.com/security/cve/CVE-2019-7638/	self
https://www.suse.com/security/cve/CVE-2017-2888	external
https://bugzilla.suse.com/1062777	external
https://bugzilla.suse.com/1062784	external
https://www.suse.com/security/cve/CVE-2019-13616	external
https://bugzilla.suse.com/1141844	external
https://www.suse.com/security/cve/CVE-2019-13626	external
https://bugzilla.suse.com/1142031	external
https://www.suse.com/security/cve/CVE-2019-7635	external
https://bugzilla.suse.com/1124827	external
https://www.suse.com/security/cve/CVE-2019-7638	external
https://bugzilla.suse.com/1124824	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libSDL2-2_0-0-2.0.16-2.3 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libSDL2-2_0-0-2.0.16-2.3 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10607",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10607-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-2888 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-2888/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13616 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13616/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13626 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13626/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7635 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7635/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7638 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7638/"
      }
    ],
    "title": "libSDL2-2_0-0-2.0.16-2.3 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10607-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.16-2.3.aarch64",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.16-2.3.aarch64",
                  "product_id": "libSDL2-2_0-0-2.0.16-2.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
                  "product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.16-2.3.aarch64",
                "product": {
                  "name": "libSDL2-devel-2.0.16-2.3.aarch64",
                  "product_id": "libSDL2-devel-2.0.16-2.3.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-32bit-2.0.16-2.3.aarch64",
                "product": {
                  "name": "libSDL2-devel-32bit-2.0.16-2.3.aarch64",
                  "product_id": "libSDL2-devel-32bit-2.0.16-2.3.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.16-2.3.ppc64le",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.16-2.3.ppc64le",
                  "product_id": "libSDL2-2_0-0-2.0.16-2.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
                  "product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.16-2.3.ppc64le",
                "product": {
                  "name": "libSDL2-devel-2.0.16-2.3.ppc64le",
                  "product_id": "libSDL2-devel-2.0.16-2.3.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
                "product": {
                  "name": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
                  "product_id": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.16-2.3.s390x",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.16-2.3.s390x",
                  "product_id": "libSDL2-2_0-0-2.0.16-2.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
                  "product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.16-2.3.s390x",
                "product": {
                  "name": "libSDL2-devel-2.0.16-2.3.s390x",
                  "product_id": "libSDL2-devel-2.0.16-2.3.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-32bit-2.0.16-2.3.s390x",
                "product": {
                  "name": "libSDL2-devel-32bit-2.0.16-2.3.s390x",
                  "product_id": "libSDL2-devel-32bit-2.0.16-2.3.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-2.0.16-2.3.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-2.0.16-2.3.x86_64",
                  "product_id": "libSDL2-2_0-0-2.0.16-2.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
                "product": {
                  "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
                  "product_id": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-2.0.16-2.3.x86_64",
                "product": {
                  "name": "libSDL2-devel-2.0.16-2.3.x86_64",
                  "product_id": "libSDL2-devel-2.0.16-2.3.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libSDL2-devel-32bit-2.0.16-2.3.x86_64",
                "product": {
                  "name": "libSDL2-devel-32bit-2.0.16-2.3.x86_64",
                  "product_id": "libSDL2-devel-32bit-2.0.16-2.3.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64"
        },
        "product_reference": "libSDL2-2_0-0-2.0.16-2.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le"
        },
        "product_reference": "libSDL2-2_0-0-2.0.16-2.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x"
        },
        "product_reference": "libSDL2-2_0-0-2.0.16-2.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-2.0.16-2.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64"
        },
        "product_reference": "libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64"
        },
        "product_reference": "libSDL2-devel-2.0.16-2.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le"
        },
        "product_reference": "libSDL2-devel-2.0.16-2.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x"
        },
        "product_reference": "libSDL2-devel-2.0.16-2.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64"
        },
        "product_reference": "libSDL2-devel-2.0.16-2.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-32bit-2.0.16-2.3.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64"
        },
        "product_reference": "libSDL2-devel-32bit-2.0.16-2.3.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le"
        },
        "product_reference": "libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-32bit-2.0.16-2.3.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x"
        },
        "product_reference": "libSDL2-devel-32bit-2.0.16-2.3.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libSDL2-devel-32bit-2.0.16-2.3.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
        },
        "product_reference": "libSDL2-devel-32bit-2.0.16-2.3.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-2888",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-2888"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-2888",
          "url": "https://www.suse.com/security/cve/CVE-2017-2888"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062777 for CVE-2017-2888",
          "url": "https://bugzilla.suse.com/1062777"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062784 for CVE-2017-2888",
          "url": "https://bugzilla.suse.com/1062784"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-2888"
    },
    {
      "cve": "CVE-2019-13616",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13616"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13616",
          "url": "https://www.suse.com/security/cve/CVE-2019-13616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141844 for CVE-2019-13616",
          "url": "https://bugzilla.suse.com/1141844"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13616"
    },
    {
      "cve": "CVE-2019-13626",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13626"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13626",
          "url": "https://www.suse.com/security/cve/CVE-2019-13626"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142031 for CVE-2019-13626",
          "url": "https://bugzilla.suse.com/1142031"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-13626"
    },
    {
      "cve": "CVE-2019-7635",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7635"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7635",
          "url": "https://www.suse.com/security/cve/CVE-2019-7635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124827 for CVE-2019-7635",
          "url": "https://bugzilla.suse.com/1124827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7635"
    },
    {
      "cve": "CVE-2019-7638",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7638"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
          "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7638",
          "url": "https://www.suse.com/security/cve/CVE-2019-7638"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124824 for CVE-2019-7638",
          "url": "https://bugzilla.suse.com/1124824"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-2_0-0-32bit-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-2.0.16-2.3.x86_64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.aarch64",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.ppc64le",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.s390x",
            "openSUSE Tumbleweed:libSDL2-devel-32bit-2.0.16-2.3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7638"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-7638 (GCVE-0-2019-7638)

Solution

Tags

Sightings

Nomenclature